MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Formbook


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb
SHA3-384 hash: 7054ee453d3bfd0387dc83d1f3aee8efc0f69e812341e023a5eef09ba17cf87fa398e5b2f531f9f4a65870a2b90b5fd3
SHA1 hash: 39515bc000c610d8d24dc6e9cdf3ed3822db2e46
MD5 hash: 3eadf117ee78e15f523a216de2712571
humanhash: nine-single-mississippi-winner
File name:win3.exe
Download: download sample
Signature Formbook
Create hunting rule
File size:377'983 bytes
First seen:2021-08-19 08:23:44 UTC
Last seen:2021-08-19 09:11:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 987efec7b4ce55d90da19b9e2ec8d4da (4 x Formbook)
ssdeep 6144:SZE2l4uoI7yeX7TAENcJC1iV96Ju7UNBMqd+EFK+T6upU9mULKpgMo:SZJoxeX7TAbY1ib7UNvFKkYmU2xo
Threatray 7 similar samples on MalwareBazaar
TLSH T13384F154B654E285D0F1703C4B90D26613913DB92FAF521B3B837B1E2A361A3693B63F
dhash icon 32fe6e56473d5ed8 (1 x Formbook)
Reporter ankit_anubhav
Tags:exe FormBook

Intelligence

File Origin
# of uploads :
2
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
win3.exe
Verdict:
Malicious activity
Analysis date:
2021-08-19 08:27:40 UTC
Tags:
trojan formbook stealer
Link:
https://app.any.run/tasks/d60d2f0d-f318-43ce-be37-40ed94084308

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Formbook
Create hunting rule
Link:
https://www.capesandbox.com/analysis/180587/
Detection(s):
SecuriteInfo.com.Trojan.Packed2.43330.30560.19798.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/65c9ab34-d16d-4c3f-9429-b8fbea3e01bd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/835620
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2021-08-18 19:12:41 UTC
AV detection:
15 of 28 (53.57%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
1736c3f3d740011ba6f6d8f18def38d20f0bcbf88c3f69821db18578bc00590a
Formbook
179d1cf7266d0149e967f7e6829ed485e3bb73e75ffbce4883111f2595845c85
Formbook
9f8faf1ca8d3262940620bcb00487188e8657336cc3cb498ba4ad90ae96a59af
Formbook
d699748002a4cf4d6250e0aca08e4de6e687f39a9f946171a57f573410be3d25
Formbook
e72dab4f75cd19899422ecf38de195bf487f0f9d2b0ccad98c13a48e9d782e97
Formbook
e77133630fd1d9de3ee373ff4d04898a2b573ea0160b450b5629db347e41d123
Formbook
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/210819-fkfg6whbnn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
32be150a050a1b8598455b6db794c2f56bdfb998c759501df5ded3a67fe88d03
MD5 hash:
93978002bb2f119aef04178c435b0137
SHA1 hash:
e47da20db7083286e29c16d9e35dcb620e23b29b
Detections:
win_formbook_g0
Create hunting rule
win_formbook_auto
Create hunting rule
Link:
https://www.unpac.me/results/d8929b97-eb74-49f3-aa69-66ba07d63898/
Parent samples :
b93e489f88aa4b4e93dafa16bd6f86956568d7b96574aaf768fd755f9c839db3
db59f359b1391841761f1eb6924a49ac7d39fce5033f9048b8be2c6b74734f3c
7149b1dc6fb8e0516e7f43b05cc0f452f078db558dd3be0ab066ab13f19c7e86
a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb
32be150a050a1b8598455b6db794c2f56bdfb998c759501df5ded3a67fe88d03
4cc65796b96504f7436452abb5337d83927568039b02e670b8997e92770d8c98
SH256 hash:
a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb
MD5 hash:
3eadf117ee78e15f523a216de2712571
SHA1 hash:
39515bc000c610d8d24dc6e9cdf3ed3822db2e46
Link:
https://www.unpac.me/results/d8929b97-eb74-49f3-aa69-66ba07d63898/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.33
Link:
https://yomi.yoroi.company/submissions/a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Formbook

Executable exe a3b2dbaf4684b38ff966a244069a73505cb8137efe19b95afd63f7a6029060cb

(this sample)

  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/180587/

Comments